Web Application Security

In this day and age most people have some sort of internet presence, whether it be through Facebook, Twitter, a profile on a university website, or their own business website. When you have a presence on the internet, all of your information is stored somewhere. If you purchase something through Amazon or PayPal, your credit card information is stored. On Facebook, all of your pictures and conversations are stored. On Twitter, sometimes even your geographic location is stored, in the form of latitude and longitude. That’s quite a lot of information to be stored, all of it very personal, and dangerous if it were to fall into the wrong hands. Do you trust that these companies are keeping your data secure? I sure hope they are.

Out in the real world, web applications are the most targeted platforms for malicious attacks. Motives range from stealing information to defacement, and sometimes attacks are carried out just for fun. Sometimes user data is desired, or maybe even application source code. Trying to gain access to company trade secrets wouldn’t be out of the question either–just imagine if Coca-Cola’s recipe went public! Web site attacks are usually the simplest ones to execute, because of either errors in the software used or bad programming logic/implementation. Through that, attackers could possibly do more magic and get access to other servers throughout the network, completely compromising a company.

Throughout my time in the IT world, I’ve come across a few security incidents and have gotten a chance to examine and analyze them. In one such incident, an application database was overwritten with malicious code that was supposed to be displayed to the end user, but ended up breaking the web application so badly that the site wasn’t functional. In another, some web pages were compromised and injected with some encoded malicious code. For that, I had to figure out how to decode the seemingly random line of text and figure out what happened and how to fix it.

I recently gave a presentation on web application security so please check out the slides down below. They might be a little more in-depth and confusing, since they were only used as an aid, but maybe a simple quiz question or two will appear from them! Thanks for reading and be sure to take the quiz and leave comments!